package tomsung.cloud.agdc.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * 安全拦截器
 * 
 * @author MiJunQiang
 *
 */
public class SecurityInterceptor extends HandlerInterceptorAdapter {
	/**
	 * 不进行安全控制的URL
	 */
	private static final String[] IGNORE_URI = { "/sec/login", "/sec/index","/sec/test","/notice/techsupport","/notice/news","/notice/plantmodel",
			"/usermanager/get_verification_code","/usermanager/check_verification_code","/usermanager/reset_passwd", "/upgrade"};

	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		// 忽略例外
		StringBuffer rUrl = request.getRequestURL();
		for (String iUrl : IGNORE_URI) {
			if (rUrl.indexOf(iUrl) != -1) {
				return true;
			}
		}

		// 判断登录
		boolean isLogin = SecurityUtil.isLogin(request);
		if (!isLogin) {
			response.sendRedirect(request.getContextPath());
		}
		return isLogin;
	}

	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
			ModelAndView modelAndView) throws Exception {
		super.postHandle(request, response, handler, modelAndView);
	}
}
